What data are we handing over to DNA profilers?

What’s in your DNA? Well, it contains markers for disease, hair and eye color, possible personality traits, your heritage… Fundamentally, DNA is what makes you, you. Hey, you could probably even clone someone from a saliva sample some years down the track.

And we are giving this to a commercial company just for a chance to see if our great-great-great-great grandmother was royalty, or if we’re distantly related to George Clooney?
More importantly, to whom are we handing over the essence of ourselves? And by what rules are they bound?

By what rules do genetic testing companies have to play?

At present, there is little, if any overarching legislation regarding direct to consumer genetic testing guidelines. While France and Germany have banned consumer genetic testing, other nations have no specific law.

In the US, the FDA has come up with some guidelines such as testing requirements and a review. But in terms of laws surrounding governance? That’s on a state-by-state basis and derived from other non-specific regulations.

Could this be a case of technology accelerating faster than the regulators? By the time the possible implications of massive commercial DNA databases are properly discussed in a regulatory sense, it’s going to be like trying to play catch up with Usain Bolt.

A look at the privacy policies of genetic testing companies

At present, it’s mainly up to the DNA profiling companies themselves to put in place security and privacy policies. So how are they doing?

Let’s break down part of the privacy policy at Ancestry.com, for example:

“[Ancestry.com] may also use your information in genealogical or genomic research projects, to improve or develop new products and services, and for internal business purposes…”

Meaning, Ancestry.com will use your DNA:

in research (what kind of research exactly? Researching if there’s a serial killer gene?)

for new products and services (“great idea Jim! Let’s open a dating arm of the business!”)

for “internal business purposes” (okay, so what if my genetics end up being able to determine how susceptible I am to certain forms of marketing, eesh!)

“[Ancestry.com] do not share common identifying information linked to your genetic or health data with third parties unless we obtain your explicit consent or are required to do so.”

There are no conditions of what constitutes “required,” but, in 2017, US-based Ancestry.com received 34 criminal subpoenas from the US, Germany, Canada, and the UK. And they released data in 31 of those cases.

“[Ancestry.com] use your Personal Information to market new products and offers from us or our business partners. This includes advertising personalized to you based on your interests.”

This one speaks for itself!

How secure is the data you submit for genetic testing?

Well, how secure is any data? If you’re a US citizen with a credit report, your sensitive personal data was probably exposed by Equifax along with 143 million other people’s.